I never miss an opportunity to learn something new from a customer – so last week’s RSA conference was an absolute gold mine for me. And as our first show after coming out of stealth, it was also a big milestone for Concentric!
My meetings at RSA reinforced my belief that we’re on to something big. Data discovery, classification, and risk assessment – especially for the documents and files users create and share – is a problem every security professional I talked to needs to solve. They each have millions – or sometimes even tens of millions – of files that are essentially beyond their reach. They’re struggling to gain visibility and manage risk, and it’s easy to see why. Let me explain.
Imagine you have a few hundred files in a shared folder anyone in your company can see. Lots of companies have one – shared folders make it easy to distribute the various enrollment forms, policy documents, and corporate FAQs everyone needs to see. Now imagine you’ve just discovered someone posted a sensitive document to that folder (like an M&A terms sheet or the latest employee performance reviews). A momentary panic attack, followed by a rapid takedown of the document, would be an appropriate response. Persistent insomnia caused by wondering what else was in that folder would be natural too.
But opening each file and evaluating whether everyone in the company should be able to see it would probably take some poor intern the entire summer. Now multiply that task by millions of files and it’s easy to understand the concern. After all, there just aren’t that many summer interns on the planet. So unstructured data security was a big theme at the show.
The second recurring theme I heard at RSA was antipathy to DLP. DLP puts security professionals in a tough spot. Block too much traffic and your users get angry and less productive. Fail to block sensitive data and your boss gets angry and vindictive. It’s like wearing dentures. You know you have to; you know they’re better than nothing – but you hate it anyways.
It’s not the team that’s to blame, it’s the tool. DLP uses rules, pattern matching, and/or document metadata to decide whether to pass or block a file. It’s just not possible to anticipate every possible eventuality AND write the rules to make sure you’re not impeding the business. The fact that no one likes the day-to-day DLP management slog should surprise exactly no one.
That’s why I’m so excited about what we’ve done here at Concentric. The AI capabilities we have finally make it possible to tackle these security problems at scale. And we’re ready to show you how.